Here’s a collection of recent security vulnerabilities and alerts, covering multiple unpatched vulnerabilities in the open source Mambo CMS, Gentoo's vulnerability to DoS and remote exploitation, the availability of an update for a disclosed flaw in the UltraVNC client, a security hole in Cisco's Wireless Control System, security leaks in IBM's Informix Storage Manager, and the release of a parallel Windows password brute-forcing tool.
- Multiple unpatched vulnerabilities found in Mambo CMS
Vulnerabilities have been discovered in the open source Mambo content management system (CMS) that attackers can exploit to compromise the system and to load arbitrary content into the CMS. For the attack to succeed, though, the image manager must be located in the Web server's root directory.
Cross-site scripting (XSS) and cross-site request forgery (CSRF) vulnerabilities have also been discovered. This follows on the heels of four security vulnerabilities fixed in late January.
The growing popularity of open source CMSes has led to their increasingly being deployed on enterprise intranets or even customized for Internet-facing systems. In the latter case, it is imperative for companies to allocate resources to monitor for newly reported vulnerabilities and to commit appropriate resources to fixing them.
Mambo is written in PHP with a MySQL database as the backend. Additional information can be found at BugTraq here. No fix has been issued yet.
- Gentoo vulnerable to DoS, remote exploitation
Gentoo is affected by a vulnerability that can be exploited by remote attackers to cause a DoS or gain complete control of an affected system.
The problem stems from an earlier identified vulnerability in PeerCast and is caused by a buffer overflow error in the "handshakeHTTP()" function in servhs.cpp. When processing an overly long "SOURCE" request, it is possible for an attacker to crash an affected server or execute arbitrary code.
Gentoo has released an update that fixes this vulnerability.
You can read more about the PeerCast vulnerability here.
- Security update for UltraVNC client
The UltraVNC team has released a security update for the vncviewer client that fixes a vulnerability through which a Windows system can be remotely compromised. The vulnerability can be exploited when vncviewer is running in listening mode or when connected to an UltraVNC server, though the development team declined to describe the exact cause.
The server itself is not affected, though this bug is present in 1.0.2 (stable) and all release candidates of 1.0.4 and higher.
Users are strongly recommended to install the viewer update as soon as possible. Alternatively, they can disable listening mode, or connect only to trusted servers.
You can read more about the vulnerability at the UltraVNC forum.
- Security hole in Cisco's Wireless Control System
Cisco has issued a security advisory warning about a hole in its Wireless Control System software that is used for managing wireless LANs. A software update has been made available to close the vulnerability.
The processing of address strings longer than 4095 bytes by the Tomcat Java server mod_jk.so module could overflow a buffer on the stack, allowing injected code to be executed. No authentication is required. This error has been known since last March, and was eliminated by the developer at that time.
Exploits of the vulnerabilities already exist in the wild, according to Cisco. Hence, administrators are strongly urged to update as soon as possible.
You can read the actual security advisory from Cisco here.
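Until the update is installed, access logs can be checked for requests that cross the 4095-byte threshold described above. The following is an added example, not code from Cisco or the original article; it assumes the front-end web server writes Apache common/combined-format access logs, and the sample lines, addresses and paths are constructed.

```python
import re

# Threshold taken from the text above: strings longer than 4095 bytes
# overflow the stack buffer.
MAX_SAFE_BYTES = 4095

# Assumption: Apache common/combined log format. The request line is the
# first quoted field; embedded quotes are logged as \" and must not end it.
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<request>(?:[^"\\]|\\.)*)" (?P<status>\d{3}|-) '
)

def request_target(request_line):
    """Return the URI from 'METHOD URI PROTOCOL'. A request line that does
    not split cleanly is returned whole, so malformed requests are still
    measured instead of being skipped."""
    parts = request_line.split(" ")
    return parts[1] if len(parts) >= 2 else request_line

def find_oversized_requests(lines, limit=MAX_SAFE_BYTES):
    """Return (host, timestamp, status, byte_length) for every request
    whose target is longer than `limit` bytes."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not an access-log line in the assumed format
        size = len(request_target(m.group("request")).encode("utf-8"))
        if size > limit:
            hits.append((m.group("host"), m.group("ts"), m.group("status"), size))
    return hits

# Constructed sample log: a normal request, one exactly at the limit
# (4095 bytes, not flagged) and one a single byte over it (flagged).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Feb/2008:10:01:02 +0000] "GET /index.jsp HTTP/1.1" 200 5120',
    '192.0.2.11 - - [01/Feb/2008:10:01:05 +0000] "GET /' + "A" * 4094 + ' HTTP/1.1" 404 -',
    '198.51.100.7 - - [01/Feb/2008:10:02:40 +0000] "GET /' + "A" * 4095 + ' HTTP/1.1" 500 -',
    'truncated or non-log text',
]

if __name__ == "__main__":
    for host, ts, status, size in find_oversized_requests(SAMPLE_LOG):
        print(f"{ts} {host} status={status} target_bytes={size}")
```

Lengths are measured on the target as logged, so hits are candidates for review rather than confirmed exploitation attempts.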
- Security leaks found in IBM's Informix Storage Manager
The services associated with IBM's Informix Storage Manager (ISM), which is distributed as part of IBM Informix Dynamic Server (IDS), are vulnerable to stack and heap overflows from malicious, malformed requests. An attacker can exploit this to gain administrative privileges on the machine.
Affected versions that contain the flawed ISM are the 32-bit Windows versions of IDS 10.00.TC8 and 10.00.FC8 and both the 32- and 64-bit Windows versions of 11.10.TC2 and 11.10.FC2.
Administrators can request current updates from IBM, as corrected versions are not expected to be ready until the end of February or March.
If you are affected, you can read more in the security advisory from IBM.
- Parallel Windows password brute forcing tool released
Beta 1 of Bruter was released late last week. Bruter is a parallel login brute-forcer available for the Win32 platform only.
According to its SourceForge description:
This tool is intended to demonstrate the importance of choosing strong passwords. The goal of Bruter is to support a variety of services that allow remote authentication.
It supports a good list of services, covering FTP, HTTP (Forms and Basic), IMAP, MSSQL, MySQL, POP3, SMB-NT, SMTP, SNMP, SSH2 and Telnet.
You can download it here: Bruter_1.0_beta1.zip.
Paul Mah is a writer and blogger who lives in Singapore, where he has worked for a number of years in various capacities within the IT industry. Paul enjoys tinkering with tech gadgets, smartphones, and networking devices.